Azure Files with Azure AD Authentication
Introduction
In this post, I’m going to talk about Azure Files, its limitations, and the light at the end of the long, dark tunnel of authenticating to this service.
As always, here is the official Microsoft Doc.
I’d like to mention there are other options (other than what’s supported on GA offerings) for achieving this purpose, all of which are outside the realm of using Azure Files natively.
Overview
Azure Files is a part of Azure Storage.
Storage is comprised of:
Blobs – “optimized for storing massive amounts of unstructured data. Unstructured data is data that doesn’t adhere to a particular data model or definition, such as text or binary data.”
Files – “fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol”
Tables – “stores structured NoSQL data” (columnar storage)
Queues – “stores large numbers of messages”
Onto Azure Files…
As stated, this is Microsoft’s way of offering managed file shares. Using SMB, it’s very easy to connect to these shares over the internet or VPN, whichever setup you choose.
The downside with this service would be 1) method of authentication and 2) permissions over the files that exist in the share. I’ve had my fair share of discussions about this service with its inherent lack of ACLs – until recently.
Recent Changes
Recently, Microsoft released AD-based authentication and security over Azure File shares, but this was reserved for people who utilized Azure Active Directory Domain Services (AAD DS). This is a fully managed Domain Controller service. My assumption as to why they released this first was simply control over the directory, which may have interacted with Azure Files on a deeper level for testing before releasing a more popular adoption model.
Upcoming Changes
Finally!
In preview, Azure Files with Azure AD authentication!
This addition would be a huge win for those in the community who utilize Azure Files, want to, or have left it but would like to return.
The reason why this would be a huge win is simple…simplicity! Having a one stop shop to manage your users, their access to services and the data that resides within Azure Files (ACLs!).
Previously, control over a share was reliant on Azure Role Based Access Control, and this presided over the blobs within a container, not how the operating system can interact with them from an active user session. Think of it like allowing someone to ride in your car or not (RBAC), but having no control if they decide to change the radio station (ACLs). (That’s not the best example, but you get my point.)
Conclusion
For now, this seems to be in preview under certain limitations. I will evaluate each scenario in depth from the link above and provide an update later on.
If you’d like to request or see more potential changes, visit the Microsoft Feedback Hub.
Thank you for reading!